<html><head></head><body><br><br>
<a name="SecuritySchema"><font size="+3"><b>Security Schema</b></font></a><br>
<br>
The webERP security scheme consists of the following parts:
<ol><li>
Users:<br>
A separate account should be created for each user.<br>
User accounts may be added or removed by an administrator at:<br>
Main Menu > Setup > User Accounts (WWW_Users.php)<br>
+++<br>
Each user is assigned a 'Security Role' by selecting a choice<br>
from the drop down list labeled 'Security Role'.<br>
See below for a list of the default Security Roles available.<br>
+++<br>
</li><li>
Security Roles:<br>
Security Roles may be added or removed by an administrator at:<br>
Main Menu > Setup > Role Permissions (WWW_Access.php)<br>
+++<br>
Each 'Security Role' is assigned one or more 'Security Tokens'.<br>
The 'Security Tokens' assigned to a particular 'Security Role' can be <br>
changed at: Main Menu > Setup > Role Permissions (WWW_Access.php)<br> 
+++<br>  
See below for a list of the default 'Security Roles' and the <br>
'Security Tokens' assigned to each.<br>
<br>  
</li><li>
Security Tokens:<br>
15 'Security Token' choices are available by default.<br>
See below for a list of the default 'Security Tokens'.<br>
Each 'Security Token' allows access to one or more webERP pages.<br>    
+++<br>
There is no webERP tool to add, remove or edit 'Security Tokens'.<br>
However, an administrator can edit the underlying table (securitytokens).<br>
<br>  
</li><li>
PageSecurity values:<br>
Each webERP page includes a Page Security value from 1 to 15.<br>
This is hard coded into each page; for example: $PageSecurity = 1;<br>
For user access Page Security values correspond to 'Security Token' values.<br>
+++<br>
There is no webERP tool to change PageSecurity values.<br>
However, an administrator can edit the pages directly.<br>
<br></ol>
These parts work together as follows. The user name and password combination
entered at log on enables the system to identify the 'Security Role' for the User.
The User's 'Security Role' determines what 'Security Tokens' are available to
the User.  The User is allowed access to any page with a 'PageSecurity' value
equal to the 'Security Token' values available to that User.<br>
<br>
<br>
<u>A more comprehensive description of the security scheme follows:</u><br>
<br>
Each webERP page (script) is assigned a specific PageSecurity value.
This page security value is hard coded inside each script. At the time 
of writing this is a number between 1 and 15.  If more levels of security
are necessary then this can be expanded by an administrator or developer. 
The default PageSecurity values for each page are set out in the table 
below.<br>
<br>
The user is allowed access to a page if the PageSecurity value of the page 
is a number contained in the SESSION AllowedPageSecurityTokens array as 
determined from the users access level (Security Role). The user access level Security Role) is an integer 
that represents the Security Role assigned to the user in the user set up page 
(WWW_users.php).<br>
<br>
Access authority is checked in the session.inc script for all pages 
(or PDF_Starter.inc for PDF pages). The variable $_SESSION['AccessLevel'] 
is retrieved from the database when the user logs on - in session.inc. 
This variable refers to the Security Role of the user. 
The SESSION['AllowedPageSecurityTokens'] array of numbers is retrieved
from the database based on the users AccessLevel - or Security Role. Any page
that has a $PageSecurity value equal to any value in this array is deemed 
to be an authorised page.<br>
<br>
If you wish to add more Security Roles then you must use the Role
Permissions script (WWW.Access.php). You must also specify the Security
Tokens for the new Security Role.  Users assigned to the new Security 
Role will have access to any page where the Page Security value is equal 
to a Security Token value assigned to the new Security Role. This mechanism 
allows the system administrator to control who can access what.<br>
<br>
By changing the Security Role assigned to each users and the Security
Tokens assigned to each Security Role the security access can
be tailored for all users. When making these changes reference the default 
values in the tables below. PageSecurity values must also be known.
The value of the default settings can be modified as needed.<br>
<br>
<u>Security Scheme Tables:</u><br>
<br>
<table border="2">
<tbody>
<tr>
<th>Table.Field</th>
<th>Example Data</th>
<th>Comment</th>
</tr>
<tr>
<td>www_user.userid<br>www_user.fullaccess</td>
<td>demo<br>8</td>
<td>These fields are updated by<br>WWW_Users.php.</td>
</tr>
<tr>
<td>securityroles.secroleid<br>securityroles.secrolename</td>
<td>8<br>System Administrator</td>
<td>These fields are changed when a<br>
    'Security Role' is created or deleted<br>
    at WWW_Access.php.</td>
</tr>
<tr>
<td>securitygroups.secroleid<br>securitygroups.tokenid</td>
<td>8<br>1</td>
<td>These fields are updated when<br>
    'Security Tokens' are assigned or<br>
    removed from 'Security Roles'.<br>
    at WWW_Access.php.</td>
</tr>
<tr>
<td>securitytokens.tokenid<br>securitytokens.tokenname</td>
<td>1<br>Menu and Order Entry Only</td>
<td>15 default security tokens are defined.<br>
    This data can not be edited using any<br>
    webERP tool.</td>
</tr>
<tr>
<td>webERP page</td>
<td>CustomerInquiry.php<br>$PageSecurity = 1;</td>
<td>The PageSecurity value for each page<br>
    is pre-defined and can not be edited<br>
    using any webERP tool.</td>
</tr>
</tbody></table></body></html>

<br>
<br>
<b>Security Roles: Defaults for webERP version 3.0.5:</b><br>
<br>
1 - Inquiries/Order Entry<br>
2 - Manufac/Stock Admin<br>
3 - Purchasing officer<br>
4 - AP Clerk<br>
5 - AR Clerk<br>
6 - Accountant<br>
7 - Customer logon only<br>
8 - System Administrator<br>
<br>
<b>Security Token assignments: Defaults for webERP version 3.0.5:,</b><br>
<br>
1 - Inquiries/Order Entry tokens = 1, 2<br>
2 - Manufac/Stock Admin tokens = 1, 2, 11<br>
3 - Purchasing officer tokens = 1, 2, 3, 4, 5, 11<br>
4 - AP Clerk tokens = 1, 2, 5<br>
5 - AR Clerk tokens = 1, 2, 5, 11<br>
6 - Accountant tokens = 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11<br>
7 - Customer logon only token = 1<br>
8 - System Administrator = All the currently defined security tokens<br>
<br>
<b>Security Tokens: Defaults for webERP version 3.0.5:</b><br>
<br>
1 - Menu and order entry only<br>
2 - Inventory, AR & AP inquiries & reports<br>
3 - AR setup customers, areas, receipts, allocations, credit notes, salesfolk, credit status<br>
4 - PO Entry, Purchasing data & reorder levels<br>
5 - AP Invoice, Credit, Payment entry. Supplier maintenance<br>
6 - Not used<br>
7 - Bank reconciliations<br>
8 - GL Journals, COA, sales/COGS GL postings, terms, cost update, company prefs<br>
9 - Ledger Maintenance and Manufacturing<br>
10 - GL Journals, COA, sales/COGS GL postings, terms, cost update, company prefs<br>
11 - Pricing & Inventory locations, categories, receiving & adjustments<br>
12 - No Used<br>
13 - Not Used<br>
14 - Not Used<br>
15 - User management, System Admin setup & utilities<br>
<br>
<b>PageSecurity values: Defaults for webERP version 3.05:</b><br>
<br>
<table border="2">
<tbody><tr><th>Page (script) File Name
</th><th>PageSecurity value 
</th></tr>
<tr>

<td>CustomerInquiry.php</td></td><td>1</td></tr>
<td>GetStockImage.php</td></td><td>1</td></tr>
<td>index.php</td></td><td>1</td></tr>
<td>Logout.php</td></td><td>1</td></tr>
<td>MailInventoryValuation.php</td></td><td>1</td></tr>
<td>PDFStockLocTransfer.php</td></td><td>1</td></tr>
<td>PDFStockNegatives.php</td></td><td>1</td></tr>
<td>PrintCustTrans.php</td></td><td>1</td></tr>
<td>PrintCustTransPortrait.php</td></td><td>1</td></tr>
<td>reportwriter/FormMaker.php</td></td><td>1</td></tr>
<td>reportwriter/ReportMaker.php</td></td><td>1</td></tr>
<td>SelectCompletedOrder.php</td></td><td>1</td></tr>
<td>SelectOrderItems.php</td></td><td>1</td></tr>
<td>AgedDebtors.php</td></td><td>2</td></tr>
<td>AgedSuppliers.php</td></td><td>2</td></tr>
<td>BOMInquiry.php</td></td><td>2</td></tr>
<td>BOMListing.php</td></td><td>2</td></tr>
<td>ConfirmDispatch_Invoice.php</td></td><td>2</td></tr>
<td>CustomerTransInquiry.php</td></td><td>2</td></tr>
<td>CustWhereAlloc.php</td></td><td>2</td></tr>
<td>DebtorsAtPeriodEnd.php</td></td><td>2</td></tr>
<td>EmailCustTrans.php</td></td><td>2</td></tr>
<td>FTP_RadioBeacon.php</td></td><td>2</td></tr>
<td>InventoryPlanning.php</td></td><td>2</td></tr>
<td>InventoryValuation.php</td></td><td>2</td></tr>
<td>OrderDetails.php</td></td><td>2</td></tr>
<td>OutstandingGRNs.php</td></td><td>2</td></tr>
<td>PDFCustomerList.php</td></td><td>2</td></tr>
<td>PDFLowGP.php</td></td><td>2</td></tr>
<td>PDFPriceList.php</td></td><td>2</td></tr>
<td>PDFQuotation.php</td></td><td>2</td></tr>
<td>PDFStockCheckComparison.php</td></td><td>2</td></tr>
<td>PeriodsInquiry.php</td></td><td>2</td></tr>
<td>PO_OrderDetails.php</td></td><td>2</td></tr>
<td>PO_PDFPurchOrder.php</td></td><td>2</td></tr>
<td>PO_SelectOSPurchOrder.php</td></td><td>2</td></tr>
<td>PO_SelectPurchOrder.php</td></td><td>2</td></tr>
<td>Prices.php</td></td><td>2</td></tr>
<td>PrintCustOrder_generic.php</td></td><td>2</td></tr>
<td>PrintCustOrder.php</td></td><td>2</td></tr>
<td>PrintCustStatements.php</td></td><td>2</td></tr>
<td>reportwriter/admin/ReportCreator.php</td></td><td>2</td></tr>
<td>SalesAnalReptCols.php</td></td><td>2</td></tr>
<td>SalesAnalRepts.php</td></td><td>2</td></tr>
<td>SalesAnalysis_UserDefined.php</td></td><td>2</td></tr>
<td>SelectCustomer.php</td></td><td>2</td></tr>
<td>SelectProduct.php</td></td><td>2</td></tr>
<td>SelectRecurringSalesOrder.php</td></td><td>2</td></tr>
<td>SelectSalesOrder.php</td></td><td>2</td></tr>
<td>SelectSupplier.php</td></td><td>2</td></tr>
<td>ShiptsList.php</td></td><td>2</td></tr>
<td>StockCheck.php</td></td><td>2</td></tr>
<td>StockCostUpdate.php</td></td><td>2</td></tr>
<td>StockCounts.php</td></td><td>2</td></tr>
<td>StockLocMovements.php</td></td><td>2</td></tr>
<td>StockLocStatus.php</td></td><td>2</td></tr>
<td>StockMovements.php</td></td><td>2</td></tr>
<td>StockQuantityByDate.php</td></td><td>2</td></tr>
<td>StockSerialItems.php</td></td><td>2</td></tr>
<td>StockStatus.php</td></td><td>2</td></tr>
<td>StockUsage.php</td></td><td>2</td></tr>
<td>StockUsageGraph.php</td></td><td>2</td></tr>
<td>SupplierBalsAtPeriodEnd.php</td></td><td>2</td></tr>
<td>SupplierTransInquiry.php</td></td><td>2</td></tr>
<td>Tax.php</td></td><td>2</td></tr>
<td>WhereUsedInquiry.php</td></td><td>2</td></tr>
<td>Z_CheckAllocs.php</td></td><td>2</td></tr>
<td>Areas.php</td></td><td>3</td></tr>
<td>Credit_Invoice.php</td></td><td>3</td></tr>
<td>CreditItemsControlled.php</td></td><td>3</td></tr>
<td>CreditStatus.php</td></td><td>3</td></tr>
<td>CustomerAllocations.php</td></td><td>3</td></tr>
<td>CustomerBranches.php</td></td><td>3</td></tr>
<td>CustomerReceipt.php</td></td><td>3</td></tr>
<td>Customers.php</td></td><td>3</td></tr>
<td>PDFBankingSummary.php</td></td><td>3</td></tr>
<td>PDFChequeListing.php</td></td><td>3</td></tr>
<td>PDFDeliveryDifferences.php</td></td><td>3</td></tr>
<td>PDFDIFOT.php</td></td><td>3</td></tr>
<td>PDFOrdersInvoiced.php</td></td><td>3</td></tr>
<td>PDFOrderStatus.php</td></td><td>3</td></tr>
<td>SalesPeople.php</td></td><td>3</td></tr>
<td>SelectCreditItems.php</td></td><td>3</td></tr>
<td>StockSerialItemResearch.php</td></td><td>3</td></tr>
<td>PO_Header.php</td></td><td>4</td></tr>
<td>PO_Items.php</td></td><td>4</td></tr>
<td>PurchData.php</td></td><td>4</td></tr>
<td>SpecialOrder.php</td></td><td>4</td></tr>
<td>StockReorderLevel.php</td></td><td>4</td></tr>
<td>Payments.php</td></td><td>5</td></tr>
<td>PrintCheque.php</td></td><td>5</td></tr>
<td>StockQties_csv.php</td></td><td>5</td></tr>
<td>SuppCreditGRNs.php</td></td><td>5</td></tr>
<td>SuppInvGRNs.php</td></td><td>5</td></tr>
<td>SupplierAllocations.php</td></td><td>5</td></tr>
<td>SupplierCredit.php</td></td><td>5</td></tr>
<td>SupplierInvoice.php</td></td><td>5</td></tr>
<td>Suppliers.php</td></td><td>5</td></tr>
<td>SuppPaymentRun.php</td></td><td>5</td></tr>
<td>SuppShiptChgs.php</td></td><td>5</td></tr>
<td>SuppTransGLAnalysis.php</td></td><td>5</td></tr>
<td>SalesGraph.php</td></td><td>6</td></tr>
<td>BankMatching.php</td></td><td>7</td></tr>
<td>BankReconciliation.php</td></td><td>7</td></tr>
<td>GLAccountInquiry.php</td></td><td>8</td></tr>
<td>GLBalanceSheet.php</td></td><td>8</td></tr>
<td>GLCodesInquiry.php</td></td><td>8</td></tr>
<td>GLProfit_Loss.php</td></td><td>8</td></tr>
<td>GLTransInquiry.php</td></td><td>8</td></tr>
<td>GLTrialBalance.php</td></td><td>8</td></tr>
<td>SelectGLAccount.php</td></td><td>8</td></tr>
<td>BOMs.php</td></td><td>9</td></tr>
<td>Currencies.php</td></td><td>9</td></tr>
<td>Z_CreateChartDetails.php</td></td><td>9</td></tr>
<td>AccountGroups.php</td></td><td>10</td></tr>
<td>AccountSections.php</td></td><td>10</td></tr>
<td>BankAccounts.php</td></td><td>10</td></tr>
<td>COGSGLPostings.php</td></td><td>10</td></tr>
<td>CompanyPreferences.php</td></td><td>10</td></tr>
<td>EDIMessageFormat.php</td></td><td>10</td></tr>
<td>GLAccounts.php</td></td><td>10</td></tr>
<td>GLJournal.php</td></td><td>10</td></tr>
<td>PaymentTerms.php</td></td><td>10</td></tr>
<td>SalesGLPostings.php</td></td><td>10</td></tr>
<td>WorkOrderEntry.php</td></td><td>10</td></tr>
<td>WorkOrderIssue.php</td></td><td>10</td></tr>
<td>ConfirmDispatchControlled_Invoice.php</td></td><td>11</td></tr>
<td>CustEDISetup.php</td></td><td>11</td></tr>
<td>DiscountCategories.php</td></td><td>11</td></tr>
<td>DiscountMatrix.php</td></td><td>11</td></tr>
<td>EDIProcessOrders.php</td></td><td>11</td></tr>
<td>FreightCosts.php</td></td><td>11</td></tr>
<td>GoodsReceived.php</td></td><td>11</td></tr>
<td>GoodsReceivedControlled.php</td></td><td>11</td></tr>
<td>Locations.php</td></td><td>11</td></tr>
<td>Prices_Customer.php</td></td><td>11</td></tr>
<td>ReverseGRN.php</td></td><td>11</td></tr>
<td>SalesCategories.php</td></td><td>11</td></tr>
<td>ShipmentCosting.php</td></td><td>11</td></tr>
<td>Shipments.php</td></td><td>11</td></tr>
<td>Shipt_Select.php</td></td><td>11</td></tr>
<td>StockAdjustments.php</td></td><td>11</td></tr>
<td>StockAdjustmentsControlled.php</td></td><td>11</td></tr>
<td>StockCategories.php</td></td><td>11</td></tr>
<td>StockLocTransfer.php</td></td><td>11</td></tr>
<td>StockLocTransferReceive.php</td></td><td>11</td></tr>
<td>Stocks.php</td></td><td>11</td></tr>
<td>StockTransferControlled.php</td></td><td>11</td></tr>
<td>StockTransfers.php</td></td><td>11</td></tr>
<td>TaxAuthorityRates.php</td></td><td>11</td></tr>
<td>EDISendInvoices.php</td></td><td>15</td></tr>
<td>PaymentMethods.php</td></td><td>15</td></tr>
<td>SalesTypes.php</td></td><td>15</td></tr>
<td>Shippers.php</td></td><td>15</td></tr>
<td>SystemParameters.php</td></td><td>15</td></tr>
<td>TaxCategories.php</td></td><td>15</td></tr>
<td>TaxProvinces.php</td></td><td>15</td></tr>
<td>UnitsOfMeasure.php</td></td><td>15</td></tr>
<td>Z_CheckAllocationsFrom.php</td></td><td>15</td></tr>
<td>Z_index.php</td></td><td>15</td></tr>
<td>Z_MakeNewCompany.php</td></td><td>15</td></tr>
<td>Z_poAddLanguage.php</td></td><td>15</td></tr>
<td>Z_poAdmin.php</td></td><td>15</td></tr>
<td>Z_poEditLangHeader.php</td></td><td>15</td></tr>
<td>Z_poEditLangModule.php</td></td><td>15</td></tr>
<td>Z_poRebuildDefault.php</td></td><td>15</td></tr>
<td>Z_Upgrade_3.01-3.02.php</td></td><td>15</td></tr>
<td>Z_Upgrade_3.04-3.05.php</td></td><td>15</td></tr>

</tbody></table></body></html>
